After years of only needing central auth for Unix-like systems, I need to integrate Windows clients into my auth mix. Rather than munging my current OpenLDAP directory to contain Windows information, I elected to migrate to Samba 4. Samba 4 can act as a Windows domain controller and also exposes an LDAP interface for Unix . . . → Read More: FreeBSD authentication against Samba 4 LDAP
I’m setting up a new FreeBSD web server. As 10.0 is just around the corner, I installed 10.0-BETA2. BETA4 is out, so it’s time to upgrade.
# freebsd-update -r 10.0-BETA4 upgrade Looking up update.FreeBSD.org mirrors… 5 mirrors found. …
That all looks good. Then I installed the update
# freebsd-update install …
And the install . . . → Read More: FreeBSD-update seems to hang on 10.0-BETA2
I have an old mail server running Postfix and courier-imap. We want to split our customers off onto their old server, preferably something with a pretty pointy-clicky interface so that they can manage their own accounts. (Yes, people do still buy email service these days.)
The old server runs FreeBSD, postfix, and courier-imap. The new . . . → Read More: Moving mailboxes from Courier/Maildir to DirectAdmin/dovecot/Maildir
Last night’s talk on OpenBSD is now live in the mug.org channel.
Part 1 Part 2
UPDATE: All in one.
Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. (Brian was a very good spots, and learned an important lesson about volunteering, e.g.: don’t.) We also talk long long . . . → Read More: mug.org OpenBSD talk on-line
I was researching next week’s OpenBSD talk and thought “You know, I ought to tell the story about VRRP, CARP, and Cisco. That’s a good one, and it illustrates how the OpenBSD community works and thinks.” It’s been ten years, so I decided to do some research to make sure I had my facts straight.
. . . → Read More: Cisco supports CARP? Ha ha ha hahaha…
The fine folks at BSDNow.tv have requested my presence this Wednesday for an interview. We’ll talk sudo, FreeBSD, OpenBSD, and whatever else comes to mind.
You can watch it live, this Wednesday at 2PM EST.
PS: Hey, boss, I’ll be out Wednesday afternoon. Personal business.
I use SolusVM as a virtualization solution, mainly because it’s pretty cheap and mostly effective. The new web-managed migration feature requires that the master node have SSH access into the slave nodes. As root. (Insert lots of swearing here.)
This isn’t a problem, except that I centrally manage my OpenSSH configuration with Ansible. I don’t . . . → Read More: checking group membership in Ansible templates
Thursday night, I finished the first draft of Sudo Mastery. Today, I went through the manuscript, removed my known tics, discovered a few more tics that needed killing, cleaned up bits and pieces, and now have a work ready for technical review.
Which is where you lot come in. I’m looking for people with sudo . . . → Read More: “Sudo Mastery” tech reviewers wanted
I’ve previously written about managing the OpenSSH server with Ansible. That example focused on my BSD servers. I also manage Ubuntu and CentOS machines as well as my FreeBSD and OpenBSD. While the BSD machines are very similar, Ubuntu and CentOS might are two different operating systems. Can I manage all of them by hand? . . . → Read More: Cross-platform OpenSSH server management with Ansible
My environment has two common tasks when managing OpenSSH servers: copying user’s authorized_keys files to the server, and changing the sshd configuration file /etc/ssh/sshd_config. I use Ansible for both, using a single playbook. Running the playbook updates all the authorized_keys files on every host and verifies that sshd is properly configured. (Not that any of . . . → Read More: managing sshd with Ansible